Show HN: MCPSec – OWASP MCP Top 10 scanner for Model Context Protocol configurations
hackernews
🔬 Research
#claude
#mcp
#mcpsec
#owasp
#review
#security-audit
#security-scanner
Original source: hackernews · Summarized and analyzed by Genesis Park
Summary
MCPSec was released to address the problem that developers often fail to notice security risks such as exposed API keys or wildcard permissions in Model Context Protocol (MCP) server configuration files. Written in Go, the tool scans the configurations of major development environments such as Claude Desktop and Cursor and detects the OWASP MCP Top 10 risks. It also supports a YAML-based pluggable rules engine and OCSF JSON output, enabling community-driven security checks.
Full text
OWASP MCP Top 10 security scanner for Model Context Protocol (MCP) server configurations. Think Prowler, but purpose-built for MCP. MCPSec audits MCP server definition files for security risks, outputs findings in OCSF JSON or human-readable tables, and supports a pluggable YAML rules engine for community-contributed detections.

Use cases

- Developer laptop audit -- Scan your Claude Desktop, Cursor, or VS Code MCP configs to find hardcoded API keys, missing auth, and overly broad permissions before they leak
- CI/CD gate -- Add `mcpsec scan --fail-on high` to your pipeline to block deploys with critical or high-severity MCP misconfigurations
- Security team posture assessment -- Scan all MCP configs across your org, output OCSF JSON to your SIEM, and track risk posture over time
- Claude Desktop Extension (DXT) review -- Audit DXT manifests or your entire Extensions directory for tool spoofing, missing schemas, and integrity violations
- Compliance evidence -- Generate machine-readable OCSF findings as audit artifacts for security reviews

Installation

Homebrew:

```bash
brew install pfrederiksen/tap/mcpsec
```

Go:

```bash
go install github.com/pfrederiksen/mcpsec@latest
```

Pre-built binaries: download from the Releases page for Linux (amd64/arm64), macOS (amd64/arm64), and Windows (amd64).

From source:

```bash
git clone https://github.com/pfrederiksen/mcpsec.git
cd mcpsec
make build
```

GitHub Action:

```yaml
- uses: pfrederiksen/mcpsec@v1
  with:
    config: path/to/mcp-config.json
    fail-on: high
```

See GitHub Action usage below for full options.
Quick start

```bash
# Scan an MCP server config file
mcpsec scan mcp-config.json

# Scan your Claude Desktop config
mcpsec scan ~/Library/Application\ Support/Claude/claude_desktop_config.json

# Scan your Claude Desktop Extensions directory (auto-detected)
mcpsec scan ~/Library/Application\ Support/Claude/Claude\ Extensions/

# Scan a single DXT extension manifest
mcpsec scan ~/Library/Application\ Support/Claude/Claude\ Extensions/my-ext/manifest.json

# Output as OCSF JSON
mcpsec scan --format json mcp-config.json

# Only show critical and high findings
mcpsec scan --severity critical,high mcp-config.json

# Fail CI if critical findings exist
mcpsec scan --fail-on critical mcp-config.json
```

Example table output:

```
----------------------------------------------------------------------------------------------------
RULE ID    NAME                                           SEVERITY  RESOURCE
----------------------------------------------------------------------------------------------------
MCP01-001  Potential prompt injection in tool descrip...  HIGH      mcpserver:vulnerable-demo
MCP02-002  Excessive tool permissions                     CRITICAL  mcpserver:vulnerable-demo
MCP03-001  Missing authentication configuration           CRITICAL  mcpserver:vulnerable-demo
MCP04-001  Plain-text secret in server environment        CRITICAL  mcpserver:vulnerable-demo
MCP04-002  Plain-text secret in tool environment          CRITICAL  mcpserver:vulnerable-demo
MCP05-001  Dangerous URI scheme in tool configuration     HIGH      mcpserver:vulnerable-demo
MCP05-002  Tool URI targets internal network              HIGH      mcpserver:vulnerable-demo
MCP06-001  Duplicate tool name detected                   HIGH      mcpserver:vulnerable-demo
MCP06-002  Missing tool integrity hash                    MEDIUM    mcpserver:vulnerable-demo
MCP07-001  Insecure HTTP transport                        HIGH      mcpserver:vulnerable-demo
MCP07-003  Weak TLS version configured                    HIGH      mcpserver:vulnerable-demo
MCP08-001  Missing input schema for tool                  MEDIUM    mcpserver:vulnerable-demo
MCP08-002  Input schema validation not enabled            MEDIUM    mcpserver:vulnerable-demo
MCP09-001  No logging configuration                       MEDIUM    mcpserver:vulnerable-demo
MCP10-001  No rate limiting configured                    MEDIUM    mcpserver:vulnerable-demo
----------------------------------------------------------------------------------------------------
Total: 15 finding(s)
```

Each finding maps to an OCSF Security Finding (class_uid 2001):

```json
{
  "class_uid": 2001,
  "category_uid": 2,
  "activity_id": 1,
  "severity_id": 4,
  "severity": "high",
  "time": 1772757930,
  "finding": {
    "uid": "MCP01-001",
    "title": "Potential prompt injection in tool description",
    "desc": "Tool description contains instruction-like language that could be used to manipulate an LLM consuming tool output.",
    "remediation": {
      "desc": "Sanitize tool descriptions to remove instruction-like language."
    }
  },
  "resources": [
    {
      "type": "MCP Server",
      "name": "mcpserver:vulnerable-demo"
    }
  ],
  "metadata": {
    "product": {
      "name": "MCPSec Audit"
    },
    "version": "dev"
  }
}
```

Input formats

MCPSec auto-detects config formats. You can also specify the format explicitly with `--input-format`:

| Format | Flag | Description | Example |
|---|---|---|---|
| mcpServers JSON | `--input-format mcpservers` | Standard MCP config (Claude Desktop, Cursor) | `claude_desktop_config.json` |
| DXT manifest | `--input-format dxt` | Claude Desktop Extension manifest | `manifest.json` |
| DXT directory | `--input-format dxtdir` | Directory of DXT extensions | `Claude Extensions/` |
| Auto (default) | `--input-format auto` | Detects format from file content/structure | Any of the above |

OWASP MCP Top 10 coverage

All 10 categories are implemented with built-in Go checks and YAML rules:

| OWASP | Risk | Rule IDs | Severity | Description |
|---|---|---|---|---|
| MCP01 | Prompt Injection
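To make the scanner's approach concrete, here is an added illustration (not MCPSec's own code) of how three of the rule classes from the sample output above can be checked over an `mcpServers` config and emitted in the OCSF Security Finding shape shown: MCP04-001 (plain-text secret in server environment), MCP07-001 (insecure HTTP transport) and MCP05-002 (tool URI targets internal network). The detection heuristics, the `url` field for remote servers and the sample config are my assumptions.

```python
# Assumed heuristics throughout; rule IDs and titles are reused from MCPSec's sample output.
import ipaddress
import json
import re
from urllib.parse import urlparse

SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)  # env var names that hold credentials
# A value that only references a secret (env var or vault URI) is not a plain-text finding.
INDIRECT_VALUE = re.compile(r"^\$\{?[A-Z0-9_]+\}?$|^(vault|op)://", re.I)
SEVERITY_ID = {"critical": 5, "high": 4, "medium": 3}  # OCSF severity_id values

def ocsf_finding(server, rule_id, severity, title):
    """Shape one finding like the OCSF Security Finding (class_uid 2001) shown above."""
    return {"class_uid": 2001, "category_uid": 2, "activity_id": 1,
            "severity_id": SEVERITY_ID[severity], "severity": severity,
            "finding": {"uid": rule_id, "title": title},
            "resources": [{"type": "MCP Server", "name": f"mcpserver:{server}"}]}

def is_internal_host(host):
    """Private or loopback IP, or an internal-looking hostname."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:
        return host == "localhost" or host.endswith((".local", ".internal"))

def check_server(name, spec):
    hits = []
    for var, val in spec.get("env", {}).items():  # MCP04-001: secret value inline in config
        if (SECRET_NAME.search(var) and isinstance(val, str) and val
                and not INDIRECT_VALUE.match(val)):
            hits.append(ocsf_finding(name, "MCP04-001", "critical",
                                     f"Plain-text secret in server environment: {var}"))
    url = urlparse(spec.get("url", ""))  # assumed field for remote (HTTP/SSE) servers
    if url.scheme == "http":  # MCP07-001: no TLS on the transport
        hits.append(ocsf_finding(name, "MCP07-001", "high", "Insecure HTTP transport"))
    if url.hostname and is_internal_host(url.hostname):  # MCP05-002
        hits.append(ocsf_finding(name, "MCP05-002", "high", "Tool URI targets internal network"))
    return hits

def scan_config(text):
    """Return OCSF-style findings for every server in an mcpServers JSON config."""
    cfg = json.loads(text)
    return [f for n, s in cfg.get("mcpServers", {}).items() for f in check_server(n, s)]

# Constructed sample: one risky server and one that references its token indirectly over HTTPS.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "vulnerable-demo": {"url": "http://10.0.0.5:8080/mcp",
                        "env": {"OPENAI_API_KEY": "sk-live-EXAMPLE-placeholder"}},
    "clean": {"url": "https://mcp.example.com/sse", "env": {"API_TOKEN": "${API_TOKEN}"}}}})
```

Running `scan_config(SAMPLE_CONFIG)` yields three findings for `vulnerable-demo` and none for `clean`, because `${API_TOKEN}` is a reference rather than an inline secret.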
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.